The IPv6 header contains a payload length that excludes the 40 bytes of
IPv6 packet header, which differs from IPv4's total length which includes
it. As a result, the parser was wrong and would only see the IP part and
not the TCP one unless sufficient options were present to cover it.
This issue came in 3.4-dev2 with recent commit e88e03a6e4 ("MINOR:
net_helper: add ip.fp() to build a simplified fingerprint of a SYN"),
so no backport is needed.
if (smp->data.u.str.data < 40)
return 0;
- pktlen = read_n16(smp->data.u.str.area + 4);
+ pktlen = 40 + read_n16(smp->data.u.str.area + 4);
// extension/next proto => ext present if !tcp && !udp
ipext = smp->data.u.str.area[6];
ipext = ipext != 6 && ipext != 17;
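Review bot: on the added `pktlen = 40 + read_n16(smp->data.u.str.area + 4);` line, the sum can now reach 65575 (40 + 0xFFFF), so pktlen has to be wider than 16 bits; its declaration is outside the visible context, so please confirm it is not a 16-bit type that would wrap. Also on that line, a payload length field of 0 (which a jumbogram carries) now gives pktlen == 40, leaving no room for a TCP header, so the code that follows should treat that as a non-match rather than parse beyond the fixed header. A one-line comment above the assignment saying that the IPv6 payload length excludes the 40-byte fixed header, unlike IPv4's total length, would document the constant and keep it consistent with the `< 40` check just above.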